[Security Solution][Resolver] Fixing ES mapping failure for ES archiver #100835

@jonathan-buttner jonathan-buttner commented May 27, 2021

This PR fixes an ES failure that was occurring in a new 7.13 release of Elasticsearch. The failure is because our mapping was trying to set this field index.routing.allocation.include._tier.

Related issue with more background here: #100697

To test, run the following integration tests:

Start the server:

yarn test:ftr:server --config x-pack/test/security_solution_endpoint_api_int/config.ts

Start the runner:

yarn test:ftr:runner --config x-pack/test/security_solution_endpoint_api_int/config.ts
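
A pre-flight check for the failure described above, as an added example that is not part of this PR or the Kibana code base: it scans an archive's index records for `index.routing.allocation.include._tier` and strips it before the archive is loaded. The archive layout (JSON records separated by blank lines, each `{type, value: {index, settings}}`), the function names and the sample data are assumptions.

```javascript
// Added example, not Kibana code. Assumed archive layout: JSON records
// separated by blank lines, each {type: 'index', value: {index, settings}}.
const TIER_KEY = 'index.routing.allocation.include._tier';

// Flatten nested settings into dotted keys so both spellings compare equal.
function flatten(obj, prefix = '', out = {}) {
  for (const [k, v] of Object.entries(obj || {})) {
    const key = prefix ? `${prefix}.${k}` : k;
    if (v && typeof v === 'object' && !Array.isArray(v)) flatten(v, key, out);
    else out[key] = v;
  }
  return out;
}

// Remove the setting from one record; returns [record, removedValue].
function cleanRecord(record) {
  const settings = record.type === 'index' && record.value && record.value.settings;
  if (!settings) return [record, undefined];
  const flat = flatten(settings);
  // Index settings may also be written without the "index." prefix.
  const hits = Object.keys(flat).filter(
    (k) => (k.startsWith('index.') ? k : `index.${k}`) === TIER_KEY // exact match only
  );
  if (hits.length === 0) return [record, undefined]; // leave clean records untouched
  const removed = flat[hits[0]];
  hits.forEach((k) => delete flat[k]);
  return [{ ...record, value: { ...record.value, settings: flat } }, removed];
}

// Returns the cleaned archive text plus one finding per affected index.
function stripTierSetting(archiveText) {
  const findings = [];
  const chunks = archiveText.split(/\n\s*\n/).filter((c) => c.trim());
  const records = chunks.map((chunk) => {
    const [record, removed] = cleanRecord(JSON.parse(chunk));
    if (removed !== undefined) findings.push({ index: record.value.index, value: removed });
    return record;
  });
  return { findings, text: records.map((r) => JSON.stringify(r, null, 2)).join('\n\n') + '\n' };
}

// Constructed sample: one index with the nested setting, one clean index.
const SAMPLE = [
  { type: 'index', value: { index: 'sample-a', mappings: {}, settings: { index: {
    number_of_shards: '1', routing: { allocation: { include: { _tier: 'data_content' } } } } } } },
  { type: 'index', value: { index: 'sample-b', mappings: {}, settings: {
    'index.routing.allocation.include._tier_preference': 'data_content' } } },
].map((r) => JSON.stringify(r)).join('\n\n');

console.log(stripTierSetting(SAMPLE).findings);
```

Affected records come back with their settings in dotted-key form; records without the setting are returned unchanged.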

@jonathan-buttner jonathan-buttner added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Feature:Resolver Security Solution Resolver feature Team:Threat Hunting Security Solution Threat Hunting Team v7.14.0 labels May 27, 2021

spalger commented May 27, 2021

@elasticmachine merge upstream

(restarting now that updated ES build is promoted)

@spalger spalger left a comment

LGTM on green CI

@kibanamachine

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

References to deprecated APIs

id before after diff
canvas 29 25 -4
crossClusterReplication 8 6 -2
globalSearch 4 2 -2
indexManagement 12 7 -5
infra 261 149 -112
lens 67 45 -22
licensing 18 15 -3
maps 286 208 -78
securitySolution 386 342 -44
stackAlerts 101 95 -6
total -278

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@jonathan-buttner jonathan-buttner marked this pull request as ready for review May 28, 2021 13:07
@jonathan-buttner jonathan-buttner requested a review from a team as a code owner May 28, 2021 13:07
@elasticmachine

Pinging @elastic/security-threat-hunting (Feature:Resolver)

@jonathan-buttner jonathan-buttner merged commit 692806a into elastic:master May 28, 2021
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request May 28, 2021
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

@jonathan-buttner jonathan-buttner deleted the fix-resolver-winlogbeat-archive branch May 28, 2021 16:52
kibanamachine added a commit that referenced this pull request May 28, 2021
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request May 28, 2021
* master: (77 commits)
  [RAC][Security Solution] Register Security Detection Rules with Rule Registry (elastic#96015)
  [Enterprise Search] Log warning for Kibana/EntSearch version mismatches (elastic#100809)
  updating the saved objects test to include more saved object types (elastic#100828)
  [ML] Fix categorization job view examples link when datafeed uses multiple indices (elastic#100789)
  Fixing ES archive mapping failure (elastic#100835)
  Fix bug with Observability > APM header navigation (elastic#100845)
  [Security Solution][Endpoint] Add event filters summary card to the fleet endpoint tab (elastic#100668)
  [Actions] Taking space id into account when creating email footer link (elastic#100734)
  Ensure comments on parameters in arrow functions are captured in the docs and ci metrics. (elastic#100823)
  [Security Solution] Improve find rule and find rule status route performance (elastic#99678)
  [DOCS] Adds video to introduction (elastic#100906)
  [Fleet] Improve combo box for fleet settings (elastic#100603)
  [Security Solution][Endpoint] Endpoint generator and data loader support for Host Isolation (elastic#100813)
  [DOCS] Adds Lens video (elastic#100898)
  [TSVB] [Table tab] Fix "Math" aggregation (elastic#100765)
  chore(NA): moving @kbn/io-ts-utils into bazel (elastic#100810)
  [Alerting] Adding feature flag for enabling/disabling rule import and export (elastic#100718)
  [TSVB] Fix Upgrading from 7.12.1 to 7.13.0 breaks TSVB (elastic#100864)
  [Lens] Adds dynamic table cell coloring (elastic#95217)
  [Security Solution][Endpoint] Do not display searchbar in security-trusted apps if there are no items (elastic#100853)
  ...
Labels
auto-backport Deprecated - use backport:version if exact versions are needed Feature:Resolver Security Solution Resolver feature release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting Security Solution Threat Hunting Team v7.14.0 v8.0.0